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Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
September 25'^ 2008 has been entered. Claims 1-19, 21-22, and 24-45 are presented 
for the further examination. 



Response to Arguments 

2. Applicant's arguments with respect to claims 1-19, 21-22, and 24-45 have been 
considered but are moot in view of the new ground(s) of rejection. 

3. In response to applicant's arguments, the recitation "a firewall cluster within a 
single network, the firewall cluster Including a plurality of firewall nodes" has not been 
given patentable weight because the recitation occurs in the preamble. A preamble is 
generally not accorded any patentable weight where it merely recites the purpose of a 
process or the intended use of a structure, and where the body of the claim does not 
depend on the preamble for completeness but, instead, the process steps or structural 
limitations are able to stand alone. See In re Hirao, 535 F.2d 67, 190 USPQ 15 (CCPA 
1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 USPQ 478, 481 (CCPA 1951). 
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Claim Objections 

4. Claims 38-45 are objected to because of tine following informalities: It is unclear 
whether claims 38-45 computer readable medium or method claim as the claims are 
directed towards a method steps. For purpose of examining claims 38-45 are treated 
us system claim and computer readable medium claims. An Appropriate correction is 
required. 

Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

6. Claims 38-45 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Claims 38-45 are still directed towards a computer -readable medium 
comprising instructions. Paragraph 053 of the current application specification 
discloses that applicant intends to use software as a computer-readable medium. 
Such medium includes computer programs, machine instructions, and high level 
codes that can be executed by the compiler. However, such programs, 
instructions, and codes are not part of the hardware machine, processor, or 
compiler. Therefore, claims are directed towards non-statutory subject matter. 

The claims lack the necessary physical articles or objects to constitute a 
machine or a manufacture within the meaning of 35 USC 101. They are clearly 
not a series of steps or acts to be a process nor are they a combination of 
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chemical compounds to be a composition of matter. As such, they fail to fall 
within a statutory category. They are, at best, functional descriptive material per 
se. 

Descriptive material can be characterized as either "functional descriptive 
material" or "nonfunctional descriptive material." Both types of "descriptive 
material" are nonstatutory when claimed as descriptive material per se, 33 F.3d 
at 1360, 31 USPQ2d at 1759. When functional descriptive material is recorded 
on some computer-readable medium, it becomes structurally and functionally 
interrelated to the medium and will be statutory in most cases since use of 
technology permits the function of the descriptive material to be realized. 
Compare In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 
1994) 

Merely claiming non functional descriptive material, i.e., abstract ideas, 
stored on a computer-readable medium, in a computer, or on an electromagnetic 
carrier signal, does not make it statutory. See Diehr, 450 U.S. at 185-86, 209 
USPQ at 8 (noting that the claims for an algorithm in Benson were unpatentable 
as abstract ideas because "[t]he sole practical application of the algorithm was in 
connection with the programming of a general purpose computer."). 
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Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill In the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 1-14, 17-19, 21-22, 27-28, 30-35, 38-42 and 45 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Partridge et al US Patent Number 6,160,811 
(hereinafter Partridge) and Mikkonen US Patent Number 6,885,633 B1 (hereinafter 
Mikkonen). 

As per claim 1, Partridge discloses receiving, at a first processor, a first 
packet (column 2, lines 11-17); determining as a function of a multidimensional 
space for representing addresses [data link format for header, column 2, lines 
25-26] processed by a set of data processors, a first address for the first packet 
(see Figure 1, column 3, line 65 - column 4, line 11); and forwarding the first 
packet based on the determined first address (see Figure 1, column 3,line 65 - 
column 4, line 11). 

However, Partridge is silent about selecting one of the firewall nodes for 
processing a first packet wherein a first processor is associated with the selected 
firewall node. 

Mikkonen teaches selecting one of the firewall nodes for processing a first 
packet wherein a first processor is associated with the selected firewall node 
(See figure 1, blocks 100a - 100b, see column 2, line 65 - column 3, line 40). 
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Therefore, it would liave been obvious to one liaving ordinary skill in the 
art at the time the invention was made to combine the teachings of Partridge and 
Mikkonen to obtain the predictable result to provide a enhanced packet switched 
data handling system to a high speed network device securely switching data 
between the high speed network devices communicating behind the firewall 
using a enhanced hash function and arithmetic operations. 

As per claim 2, Partridge discloses using an N-tuple space as the 
multidimensional space (see figures 1-2 and 4-5, data link format for header). 

As per claim 3, Partridge discloses assigning to the first processor a first 
region based on the N-tuple space (see figures 1-2 and 4-5, data link format for 
header). 

As per claim 4, Partridge discloses using the first address, such that the 
first address represents a point within the first region (see Figures 1-2 and 4-5, 
column 3, line 65 - column 4, line 32). 

As per claim 5, Partridge discloses using N address values as the N-tuple, 
such that the N address values represent the point (see Figures 1-2 and 4-5, 
column 3, line 65 - column 4, line 32). 

As per claim 6, Partridge discloses using the N-tuple space, such that N is 
equal to a value of at least two (see Figures 1-2 and 4-5, column 3, line 65 - 
column 4, line 32). 
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As per claim 7, Partridge discloses assigning to a second processor a 
second region based on the N-tuple space, such that the first region is separate 
from the second region (see figures 1-2 and 4-5, data link format for header). 

As per claim 8, Partridge discloses forwarding, at the second processor, a 
second packet with a second address determined based on the second region, 
such that the second packet does not conflict with the first packet (see Figure 1 , 
column 3,line 65 - column 4, line 1 1 and column 4, lines 22- 32). 

As per claim 9, Partridge discloses forwarding, at the second processor, a 
second packet with a second address determined based on the second region, 
such that the second address does not conflict with the first address (see Figure 
1 , column 3,line 65 - column 4,line 1 1 and column 4, lines 22- 32). 

As per claim 10, Partridge discloses receiving, at a first one of the 
processors, a packet (column 2, lines 11-17); reading, at the first processor, an 
N-tuple [data link format for header] address of the received packet (see Figure 
1, column 3,line 65 - column 4,line 11); determining whether the N-tuple address 
is within an N-tuple space assigned to the first processor (see Figure 1 , column 
3, line 65 - column 4, line 32);sending the packet with the N-tuple address, when It 
Is determined that the N- tuple address is within the N-tuple space assigned to 
the first processor (see Figure 1, column 3,line 65 - column 4, line 32) ; and 
determining a modified [TSU modifies the header] N-tuple address, when it is 
determined that the N- tuple address is not within the N-tuple space assigned to 



Application/Control Number: 10/712,396 Page 8 

Art Unit: 2451 

the first processor and sending the packet with the modified N-tuple address (see 
Figure 1 , column 3,line 65 - column 4, line 32). 

However, Partridge is silent about selecting one of the firewall nodes for 
processing a first packet wherein a first processor is associated with the selected 
firewall node. 

Mikkonen teaches selecting one of the firewall nodes for processing a first 
packet wherein a first processor is associated with the selected firewall node 
(See figure 1, blocks 100a - 100b, see column 2, line 65 - column 3, line 40). 

Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to combine the teachings of Partridge and 
Mikkonen to obtain the predictable result to provide a enhanced packet switched 
data handling system to a high speed network device securely switching data 
between the high speed network devices communicating behind the firewall 
using a enhanced hash function and arithmetic operations. 

As per claim 11, Partridge discloses reading as the N-tuple address 
[reading headers of network packet address], a plurality of values from the 
received packet (see Figure 1 , column 3, line 65 - column 4, line 32). 

As per claim 12, Partridge discloses reading at least a source port (column 
1, lines 18-19, column 2, and lines 11-13). 

As per claim 13, Partridge discloses determining whether the N-tuple 
address is within the N-tuple space based on a comparison between the N-tuple 
address of the packet and the N-tuple space assigned to the first processor (see 
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Figures 1-2, column 3,line 65 - column 4, line 32, column 4, line 56 - column 5, 
line 43). 

As per claim 14, Partridge discloses determining whether the N-tuple 
address of the packet is within the N-tuple space based a quadrant identifier [link 
level Id] value, wherein the quadrant identifier value corresponds to the first 
processor (see Figures 1-5, column 3,line 65 - column 4, line 32, column 4, line 
56 - column 5, line 43). 

As per claim 17, Partridge discloses adding a value to the N-tuple 
address, such that the modified N-tuple address is within the N-tuple space 
assigned to the first processor (see Figures 1-2, column 3,line 65 - column 4, line 
32, column 4, line 56 - column 5, line 43). 

As per claim 18, Partridge discloses modifying the N-tuple address based 
on the quadrant identifier value (see Figures 1-2, column 3,line 65 - column 
4, line 32, column 4, line 56 - column 5, line 43). 

As per claim 19, Partridge discloses sending the packet with the N-tuple 
address, such that the packet does not conflict with another N-tuple address 
associated with a second one of the processors (see Figure 1, column 3,line 65 - 
column 4, line 1 1 and column 4, lines 22- 32). 

As per claim 21, Partridge discloses using a computer as the first 
processor (column 1, lines 8-10, column 3, and line 65). 

As per claim 22, Partridge discloses using a router as the first processor 
(column 1, line 11, column 3, and line 65). 
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As per claims 27, 30, and 45, claim 27, 30 and 45 do not teach or further 
define over the limitation as recited in claim 1. Therefore, claims 27, 30 and 45 
are rejected under same scopes as discussed in claimi , supra. 

As per claim 28, claim 28 does not teach or further define over the 
limitation as recited in claim 10. Therefore, claims 28 rejected under same 
scopes as discussed in claim 10, supra. 

As per claims 31-35 and 38-42, claims 31-35 and 38-42 do not teach or 
further define over the limitations as recited in claims 10-14. Therefore, claims 
31-35 and 38-42 are rejected under same scopes as discussed in claims 10-14, 
supra. 

9. Claims 15-16, 25-26, 29, 36-37, and 43-44 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Partridge and Mikkonen US Patent Number 6,885,633 B1 
(hereinafter Mikkonen) as applied to claims 1-14, 17-19, 21-22, 27-28, 30-35, 38-42 and 
45 above and further in view of End III US Patent Number 7,185,041 B1 (hereinafter 
End). 

Partridge discloses receiving, at a first processor, a first packet; 
determining as a function of a multidimensional space for representing addresses 
processed by a set of data processors, a first address for the first packet; and 
forwarding the first packet based on the determined first address. 

Partridge is silent about determining the identifier value based on a hash 
function and a modulo division. 
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As per claims 15, 36, and 43, End teaclies determining the identifier value 
based on a hash function (see column 4, lines 17-62). 

As per claim 16, End teaches determining the identifier value based on a 
hash function and a modulo division (see column 4, lines 17-62). 

Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to combine the teachings of Partridge and 
End to obtain the predictable result to provide a enhanced packet switched data 
handling system to a high speed network device securely switching data between 
the high speed network devices using a enhanced hash function and arithmetic 
operations. 

As per claim 24, Partridge discloses receiving, at a first one of the 
processors, a packet column 2, lines 11-17); reading, at the first processor, an N- 
tuple [data link format for header] address of the received packet (see Figure 1, 
column 3,line 65 - column 4, line 11); determining whether the read N-tuple 
address corresponds to the first processor based on the quadrant identifier (see 
Figure 1, column 3,line 65 - column 4,line 32);sending the packet with the N- 
tuple address, when the quadrant identifier corresponds to the first processor 
(see Figure 1, column 3,line 65 - column 4, line 32); and determining a modified 
[TSU modifies the header] N-tuple address, when the quadrant identifier does not 
corresponds to the first processor and sending the packet with the modified N- 
tuple address(see Figure 1 , column 3,line 65 - column 4, line 32). 
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However Partridge is silent about the quadrant identifier based on a hash 
function, and modulo division. 

End teaches the quadrant identifier based on a hash function, and modulo 
division (see column 4, lines 18-62). 

Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to combine the teachings of Partridge and 
End to obtain the predictable result to provide a enhanced packet switched data 
handling system to a high speed network device securely switching data between 
the high speed network devices using a enhanced hash function and arithmetic 
operations. 

As per claim 25-26 Partridge is silent about the use of firewalls as the first 
processor. 

As per claim 25, Mikkonen teaches assigning each of the set of 
processors a firewall node number (See figure 1, blocks 100a - 100b, see column 
2,line 65 - column 3, line 40). 

As per claim 26, Mikkonen teaches determining the address corresponds 
to the first processor based on firewall node number (See figure 1, blocks 100a - 
100b, see column 2, line 65 - column 3, line 40). 

Therefore, it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to combine the teachings of Partridge, 
Mikkonen and End to obtain the predictable result to provide a enhanced packet 
switched and data filtering and protecting system to a high speed network device 



Application/Control Number: 1 0/71 2,396 Page 1 3 

Art Unit: 2451 

being secure from firewall to switch data securely between the high speed 
network devices using a enhanced hash function and arithmetic operations. 

As per claims 29, 37, and 44, claim 29, 37 and 44 do not teach or further 
define over the limitation as recited in claim 24. Therefore, claims 29, 37 and 44 
are rejected under same scopes as discussed in claim 24, supra. 

Conclusion 

10. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See accompanying PTO 892 form 

a. System and method for detecting and countering a network attack by 
Etheridge et al. US Publication Number 2004/0054925 A1 . 

b. Hash-based systems and methods for detecting, preventing, and tracing 
network worms and viruses by Milliken US Publication Number 2003/0115485 
Al. 

c. Dynamic packet filter utilizing session tracking by Goldberg et al. US 
Publication Number 2004/001 31 1 2 Al . 

d. IP datagram over multiple queue pairs by Graham et al. US Patent 
Number 7,133,405 B2. 

e. Handling packet fragments in a distributed network service environment 
by Albert et al. US Patent Number 6,742,045 B1 . 

11. A shortened statutory period for reply to this non-final action is set to expire 
THREE MONTHS from the mailing date of this action. Failure to respond within the 
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period for response will result in ABANDONMENT of the applicant (See 35 U.S.C 133, 
M.P.E.P 710.02,71002 (b)). 

Contact Information 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Saket K. Daftuar whose telephone number is 571-272- 
8363. The examiner can normally be reached on 8:30am-5:00pm M-W. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on 571-272-3964. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (BBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/S. K. D./ 
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Examiner, Art Unit 2451 

/John Follansbee/ 

Supervisory Patent Examiner, Art Unit 2451 



